U.S. patent application number 16/975861 was filed with the patent office on 2020-12-31 for communication system and communication method.
The applicant listed for this patent is Nippon Telegraph and Telephone Corporation. Invention is credited to Hiroshi Osawa.
Application Number | 20200412805 16/975861 |
Family ID | 1000005086593 |
Filed Date | 2020-12-31 |
United States Patent Application | 20200412805 |
Kind Code | A1 |
Osawa; Hiroshi | December 31, 2020 |
COMMUNICATION SYSTEM AND COMMUNICATION METHOD
Abstract
A construction unit of a conversion device constructs a VPN
connected to a VNF in a cloud platform, and a distribution unit
distributes a default route designating the conversion device as a
transmission destination to a router and another conversion device,
and distributes a redirect route to the VNF to which the conversion
device belongs to the router. A transfer instruction unit of a
controller provides an instruction of a transfer destination of a
packet to the conversion device connected to the same cloud
platform, the VNF, or another controller. A transfer unit of the
conversion device transfers the packet to a recent VNF in the
processing order of a chain where the VNF is in the same cloud
platform, and transfers the packet to a conversion device connected
to the VNF where the VNF is in a cloud platform that is different
from the same cloud platform.
Inventors: | Osawa; Hiroshi (Tokyo, JP) |
Applicant:
Name | City | State | Country | Type |
Nippon Telegraph and Telephone Corporation | Tokyo | | JP | |
Family ID: | 1000005086593 |
Appl. No.: | 16/975861 |
Filed: | February 25, 2019 |
PCT Filed: | February 25, 2019 |
PCT NO: | PCT/JP2019/007096 |
371 Date: | August 26, 2020 |
Current U.S. Class: | 1/1 |
Current CPC Class: | H04L 67/1097 20130101; H04L 45/04 20130101; H04L 45/42 20130101 |
International Class: | H04L 29/08 20060101 H04L029/08; H04L 12/717 20060101 H04L012/717; H04L 12/715 20060101 H04L012/715 |
Foreign Application Data
Date | Code | Application Number |
Mar 2, 2018 | JP | 2018-037614 |
Claims
1. A communication system comprising: a conversion device
configured to connect cloud platforms to a Wide Area Network (WAN);
and controllers respectively disposed for the cloud platforms,
wherein each of the controllers includes: a first storage unit
configured to store a chain that designates, in a processing order,
Virtual Network Functions (VNFs) that process a packet received
from a user terminal, and a transfer instruction unit configured to
provide an instruction of a transfer destination of the packet to a
conversion device connected to a same cloud platform, a VNF, or
another controller in accordance with the processing order of the
chain, and wherein the conversion device includes: a second storage
unit configured to store the chain, a construction unit configured
to construct a Virtual Private Network (VPN), which is connected to
a VNF in a cloud platform, in the WAN, a distribution unit
configured to distribute, to a router in the WAN or another
conversion device, a route designating the conversion device as a
transmission destination that is a route to the VNF in the cloud
platform to which the conversion device belongs and distribute, to
the router in the WAN, a route to a VNF at a head of the chain when
the VNF is in the cloud platform to which the conversion device
belongs, and a transfer unit configured to transfer a received
packet to a recent VNF in the processing order of the chain when
the VNF is in the cloud platform to which the conversion device
belongs and configured to transfer the received packet to the
conversion device connected to the recent VNF in the processing
order of the chain when the VNF is in a cloud platform that is
different from the cloud platform to which the conversion device
belongs.
2. The communication system according to claim 1, wherein a router
receiving a packet selects an optimal route in an Interior Gateway
Protocol (IGP) from among the distributed routes and transfers the
packet.
3. The communication system according to claim 1, wherein the
construction unit of the conversion device further constructs a VPN
for transmitting the packet to a destination user terminal at an
end of the chain.
4. A communication system according to claim 1, wherein the
transfer instruction unit of the controller also provides an
instruction of a VNF designated in an instruction from a different
controller as a transfer destination of the packet in a case in
which a VNF immediately before a VNF designated as a transfer
destination of the packet in an instruction from the different
controller in the processing order of the chain is in the same
cloud platform.
5. A communication method executed by a communication system
including a conversion device configured to connect cloud platforms
to a Wide Area Network (WAN) and controllers respectively disposed
for the cloud platforms, the method comprising: constructing, by a
conversion device, a Virtual Private Network (VPN), which is
connected to a Virtual Network Function (VNF) in a cloud platform,
in the WAN; referring, by the conversion device, to a second
storage unit configured to store a chain for designating VNFs that
process a packet received from a user terminal in a processing
order, distributing, to a router in the WAN and another conversion
device, a route to a VNF that is in a cloud platform to which the
conversion device belongs, and distributing, to the router in the
WAN, a route to a VNF at a head of the chain when the VNF is in the
cloud platform to which the conversion device belongs; referring,
by the controller, to a first storage unit configured to store the
chain and, in accordance with the processing order of the chain,
providing an instruction of a transfer destination of the packet to
the conversion device connected to the same cloud platform, a VNF,
or another controller; and transferring, by the conversion device,
the received packet to a recent VNF in the processing order of the
chain when the VNF is in the cloud platform to which the conversion
device belongs and transferring the received packet to a conversion
device connected to the recent VNF in the processing order of the
chain when the VNF is in a cloud platform that is different from
the cloud platform to which the conversion device belongs.
Description
TECHNICAL FIELD
[0001] The present invention relates to a communication system and
a communication method.
BACKGROUND ART
[0002] In recent years, the importance of a technology called
service chaining for drawing only necessary traffic to a service
function has increased due to progress in cloud and Network
Functions Virtualization (NFV) technologies. Also, edge computing
in which servers are arranged in a distributed manner near user
terminals and a concept called Central Office Re-architected as a
Datacenter (CORD) in which accommodation stations near user
terminals are re-designed as so-called clouds have been proposed.
Thus, there has been a need for a technology of service chaining
that can be applied to a wide range across a plurality of
clouds/Data Centers (DCs).
[0003] In the related art, technologies that can be used for
service chaining are roughly classified into three types, that is,
a type for a Wide Area Network (WAN), a type for a cloud/DC, and a
type for a wide area that can be used for both a WAN section and a
cloud/DC section.
[0004] Specifically, Border Gateway Protocol (BGP) FlowSpec is
known as a service chaining technology for a WAN (see Non Patent
Literature 1 and Non Patent Literature 2). In other words, it is
possible to route only a specific flow on the basis of an
independent table called a Virtual Routing and Forwarding Table
(VRF) using BGP.
[0005] As service chaining technologies for a cloud/DC, OpenStack
(see Non Patent Literature 3) and OpenDaylight (see Non Patent
Literature 4) are known. In other words, it is possible to perform
steering in which a controller provides an instruction of a packet
destination in each Service Function Forwarder (SFF) using OpenFlow
or the like to perform transmission in a direction that is
different from that in an ordinary IP routing in a cloud platform.
Also, NSH (see Non Patent Literature 5) and Segment Routing (see
Non Patent Literature 6) have been disclosed as service chaining
technologies for a wide area.
CITATION LIST
Non Patent Literature
[0006] Non Patent Literature 1: "Dissemination of Flow
Specification Rules", [online], 2009, [searched on Feb. 15, 2018],
Internet <URL: https://tools.ietf.org/html/rfc5575>
[0007] Non Patent Literature 2: Shuichi Okubo, "Implementation and
running of service chaining in Interop Tokyo 2017 ShowNet",
[online], 2017, [searched on Feb. 15, 2018], Internet <URL:
https://www.janog.gr.jp/meeting/janog40/application/files/6115/0123/2051/janog40-lt2-ohkubo.pdf>
[0008] Non Patent Literature 3: "Service Function Chaining",
[online], 2018, [searched on Feb. 15, 2018], Internet <URL:
https://docs.openstack.org/ocata/ja/networking-guide/config-sfc.html>
[0009] Non Patent Literature 4: "Service Function Chaining
OpenDaylight Service Function Chaining (SFC) Overview", [online],
2016, [searched on Feb. 15, 2018], Internet <URL:
http://docs.opendaylight.org/en/stable-nitrogen/user-guide/service-function-chaining.html>
[0010] Non Patent Literature 5: "Network Service Header (NSH)",
[online], 2018, [searched on Feb. 26, 2018], Internet <URL:
https://www.rfc-editor.org/rfc/rfc8300.txt>
[0011] Non Patent Literature 6: "Segment Routing for Service
Chaining", [online], 2018, [searched on Feb. 26, 2018], Internet
<URL:
https://tools.ietf.org/html/draft-xuclad-spring-sr-service-chaining-00>
SUMMARY OF THE INVENTION
Technical Problem
[0012] However, it is difficult to apply the technologies in the
related art to a wide area across a plurality of clouds/DCs. For
example, it is difficult to apply BGP FlowSpec for a WAN to all
general-purpose servers in a DC and to apply it to a cloud/DC
section because a large amount of routing resources such as Routing
Information Bases (RIB) are consumed.
[0013] Also, it is difficult to extend OpenStack or the like for a
cloud/DC because it is necessary to perform setting of OpenFlow or
the like for all SFFs that are targets of steering. It is difficult
to apply OpenFlow or the like, in which control is performed using
a single controller, to a WAN section because a variety of
dedicated routers, which incur large costs for user transition
(namely, migration) and include old types, may coexist in WAN
sections.
[0014] NSH and segment routing that can be applied to both a WAN
section and a cloud/DC section are novel technologies, and
implementation thereof has not advanced. In particular, it is
difficult to apply these technologies to old-type devices for a WAN
section in terms of performance and support periods, and early
introduction of these technologies has been difficult.
[0015] The present invention was made in view of the above
circumstances, and an object thereof is to easily implement service
chaining in a wide area across a plurality of clouds/DCs.
Means for Solving the Problem
[0016] In order to solve the aforementioned problem and to achieve
the object, a communication system according to the present
invention includes: a conversion device configured to connect cloud
platforms to a Wide Area Network (WAN); and controllers
respectively disposed for the cloud platforms, each of the
controllers including a first storage unit configured to store a
chain that designates, in a processing order, Virtual Network
Functions (VNFs) that process a packet received from a user
terminal, and a transfer instruction unit configured to provide an
instruction of a transfer destination of the packet to a conversion
device connected to a same cloud platform, a VNF, or another
controller in accordance with the processing order of the chain,
and the conversion device including a second storage unit
configured to store the chain, a construction unit configured to
construct a Virtual Private Network (VPN), which is connected to a
VNF in a cloud platform, in the WAN, a distribution unit configured
to distribute, to a router in the WAN or another conversion device,
a route designating the conversion device as a transmission
destination that is a route to the VNF in the cloud platform to
which the conversion device belongs and distribute, to the router
in the WAN, a route to a VNF at a head of the chain when the VNF is
in the cloud platform to which the conversion device belongs, and a
transfer unit configured to transfer a received packet to a recent
VNF in the processing order of the chain when the VNF is in the
cloud platform to which the conversion device belongs and
configured to transfer the received packet to the conversion device
connected to the recent VNF in the processing order of the chain
when the VNF is in a cloud platform that is different from the
cloud platform to which the conversion device belongs.
Effects of the Invention
[0017] According to the present invention, it is possible to easily
implement service chaining in a wide area across a plurality of
clouds/DCs.
BRIEF DESCRIPTION OF DRAWINGS
[0018] FIG. 1 is an explanatory diagram for explaining an outline
of processing of a communication system according to an
embodiment.
[0019] FIG. 2 is an explanatory diagram for explaining an outline
of processing of the communication system according to the
embodiment.
[0020] FIG. 3 is a schematic diagram illustrating an exemplary
outline configuration of the communication system according to the
embodiment.
[0021] FIG. 4 is an explanatory diagram for explaining processing
of the communication system.
[0022] FIG. 5 is an explanatory diagram for explaining processing
of the communication system.
[0023] FIG. 6 is an explanatory diagram for explaining processing
of the communication system.
[0024] FIG. 7 is a flowchart illustrating an exemplary procedure
for communication processing.
[0025] FIGS. 8A and 8B are explanatory diagrams for explaining
advantages of the communication processing in the communication
system.
[0026] FIG. 9 is an explanatory diagram for explaining an example
of the communication processing in the communication system.
[0027] FIG. 10 is an example illustrating an exemplary computer
configured to execute a communication program.
DESCRIPTION OF EMBODIMENTS
[0028] Hereinafter, an embodiment of the present invention will be
described in detail with reference to drawings. Note that the
present invention is not limited by the embodiment. In addition,
the same reference signs will be applied to the same parts in
illustration of the drawings.
[0029] Outline of Processing of Communication System
FIG. 1 and FIG. 2 are explanatory diagrams for explaining an
outline of processing of a communication system according to the
embodiment. First, conversion devices 10 and controllers 20 are
connected to a network in a communication system 1 according to the
embodiment as illustrated as an example in FIG. 1.
[0030] The conversion devices 10 are devices configured to connect
cloud platforms 3 to a WAN 2 and are disposed at boundaries of the
cloud platforms 3 and the WAN 2. The conversion devices 10 transfer
packets received via the WAN 2 to devices in the cloud platforms 3
with VNFs 4.
[0031] The controllers 20 are disposed for the respective cloud
platforms 3, control Classifiers (CLs)/SFFs in the respective cloud
platforms 3 of the controllers 20, and cause the CLs/SFFs to
transfer packets. In other words, the controllers 20 cause the VNFs
4 in the respective cloud platforms 3 of the controllers 20 to
transfer packets transferred from the conversion devices 10 into
the cloud platforms 3 in a processing order designated by a
chain.
[0032] Here, the chain is information designating the processing
order of the VNFs 4 that are caused to perform processing of
packets received from users. For example, a processing order of
packet traffic is designated by a chain such that "packets from a
user U to a web server S are processed in an order of
VNF-A → VNF-B → VNF-C". The chain is set in advance for
each of controllers 20 that are slave machines, the conversion
devices 10, and CLs/SFFs through instructions from a controller 20
that is one host machine that is present in the communication
system 1.
[0033] As illustrated in FIG. 2, the WAN 2 is configured of
multiple routers 30. Packets received from user terminals are
transferred to destinations such as web servers via the routers 30
that are controlled by a BGP in a distributed manner.
[0034] The cloud platforms 3 are virtualized environments
constructed using OpenStack or the like, and the VNFs 4 that are
virtualized network functions are operated therein. In the cloud
platforms 3, packet traffic is transferred to the respective VNFs 4
via switches 5 through control by the controllers 20.
[0035] Then, a routing protocol such as BGP FlowSpec and a VPN
technology are used to draw target traffic into closest cloud
platforms 3, in which necessary types of VNFs 4 are present, in the
WAN section in the communication system 1 as illustrated in FIG. 1.
Also, traffic is guided to necessary VNFs 4 in the cloud platforms
3 in a proper order using OpenFlow or the like in cloud/DC
sections.
[0036] Configuration of Communication System
Next, the communication system 1 according to the embodiment will
be described with reference to FIG. 3. FIG. 3 is a schematic
diagram illustrating an exemplary outline configuration of the
communication system 1 according to the embodiment. As illustrated
in FIG. 3, the communication system 1 has the conversion devices 10
configured to connect the cloud platforms 3 to the WAN 2 and the
controllers 20 disposed for the respective cloud platforms 3. The
controllers 20 include a single host machine and the other slave
machines.
[0037] Each of the controllers 20 is implemented by a
general-purpose computer such as a personal computer and includes a
storage unit 21 and a control unit 22 as illustrated in FIG. 3.
[0038] The storage unit 21 is implemented by a semiconductor memory
device such as a RAM or a flash memory or a storage device such as
a hard disk or an optical disc. The storage unit 21 stores a
processing program for causing the controller 20 to operate and
data and the like used during execution of the processing program
in advance or temporarily stores the processing program, the data,
and the like every time processing is performed. Note that the
storage unit 21 may be configured to communicate with the control
unit 22 via a communication control unit that is implemented by a
NIC or the like, which is not illustrated.
[0039] In each controller 20 according to the embodiment, the
storage unit 21 stores a chain 21a that is information for
designating VNFs that perform processing of packets received from
a user terminal in a processing order. The chain 21a is set in
advance in the storage unit 21 of the controller 20 host machine in
accordance with service setting for each user. Also, the chain 21a
is set in advance for the controller 20 slave machines through
instructions from the controller 20 host machine as will be
described later.
[0040] Each control unit 22 is implemented using a CPU or the like
and executes the processing program stored in the memory. In this
manner, the control unit 22 functions as a transfer instruction
unit 22a as illustrated as an example in FIG. 3.
[0041] The transfer instruction unit 22a provides an instruction of
a transfer destination of a packet to the conversion device 10
connected to the same cloud platform 3, the VNF 4, or other
controller 20 in accordance with the processing order of the
chain.
[0042] Specifically, the transfer instruction unit 22a uses
OpenFlow or the like to provide an instruction for transfer to each
VNF 4 via the switch 5 in the same cloud platform 3. Also, in a
case in which a recent VNF-C in the processing order of the chain
is not in the same cloud platform 3, the transfer instruction unit
22a provides an instruction of a transfer destination of the packet
to the conversion device 10 connected to the same cloud platform 3
and the controller 20 in another cloud platform 3.
[0043] Each device that has received the instruction of the
transfer destination uses a route distributed by the conversion
device 10 as will be described later to set a route corresponding
to the chain.
[0044] Each conversion device 10 is implemented by a
general-purpose computer such as a personal computer, for example,
and includes a storage unit 11 and a control unit 12 as illustrated
in FIG. 3.
[0045] The storage unit 11 is implemented by a semiconductor memory
device such as a Random Access Memory (RAM) or a flash memory or a
storage device such as a hard disk or an optical disc. The storage
unit 11 stores a processing program for causing the conversion
device 10 to operate and data and the like used during execution of
the processing program in advance or temporarily stores the
processing program, the data, and the like every time processing is
performed.
[0046] In each conversion device 10 according to the embodiment,
the storage unit 11 stores a chain 11a that is similar to the chain
21a of the controller 20. The chain 11a is set in advance through an
instruction from the controller 20 host machine as will be
described later. Note that the storage unit 11 may be configured to
communicate with the control unit 12 via a communication control
unit that is implemented by a Network Interface Card (NIC) or the
like, which is not illustrated.
[0047] The control unit 12 is implemented by a Central Processing
Unit (CPU) or the like and executes the processing program stored
in the memory. In this manner, the control unit 12 functions as a
construction unit 12a, a distribution unit 12b, and a transfer unit
12c as illustrated in FIG. 3.
[0048] The construction unit 12a constructs VPNs connected to the
VNFs 4 in the cloud platform 3 in the WAN 2. Also, the construction
unit 12a further constructs VPNs for transmitting packets to
destination user terminals at an end of the chain.
[0049] Here, FIG. 4 and FIG. 5 are explanatory diagrams for
explaining processing of the communication system 1. First, the
construction unit 12a constructs VPNs connected to the VNFs 4 in
the cloud platform 3 in the WAN 2 as illustrated as an example in
FIG. 4. For example, FIG. 4 illustrates that a VPN-A connected to a
VNF-A, a VPN-B connected to a VNF-B, a VPN-C connected to a VNF-C,
and the like are set.
[0050] Specifically, the construction unit 12a constructs the VPNs
connected to the VNFs 4 in the same cloud platform 3 first in
initial setting at the time of network construction as illustrated
as an example in FIG. 5. In other words, the construction unit 12a
transmits and receives BGP signals to and from the routers 30 in
the WAN 2 and sets a Virtual Routing Forwarding table (VRF) that is
a routing table of the VPNs connected to the VNFs 4 in the same
cloud platform 3 (Step S11).
[0051] Also, the construction unit 12a sets a VRF for connection
via another conversion device 10 corresponding to a different cloud
platform 3 for the VNFs 4 in the different cloud platform 3 with
the routers 30 in the WAN 2 (Step S12). As a result, VRFs
corresponding to all the VNFs are set in the routers 30 in the WAN
2.
[0052] Also, at an end of the chain where there is no VNF to be
processed next, the construction unit 12a constructs a return VPN
for transmitting a packet to a destination user terminal. Note that
in the example illustrated in FIG. 4, a default VPN means a network
in which a BGP FlowSpec route for redirecting a packet received
from a user terminal to a VNF at the head of the chain has been set
as will be described later. Also, the return VPN means a network in
which no BGP FlowSpec route for redirecting to the VNF has been
set.
[0053] Returning to description of FIG. 3, the distribution unit
12b distributes a default route designating the conversion device
10 as a transmission destination as a route to a VNF 4 in the cloud
platform 3 to which the conversion device 10 belongs, to the
routers 30 and other conversion devices 10 in the WAN 2. Also, the
distribution unit 12b distributes a redirect route to the VNF at
the head of the chain when the VNF is in the cloud platform 3 to
which the conversion device 10 belongs to the routers 30 in the WAN
2.
[0054] Specifically, the distribution unit 12b issues an
advertisement of a route designating the same conversion device 10
as a transmission destination as a default route to the VNF 4 in
the cloud platform 3 to which the same conversion device 10 belongs
for the routers 30 and other conversion devices 10 in the WAN 2 in
initial setting at the time of network construction as illustrated
in FIG. 5 (Step S13).
[0055] For example, the conversion device 10 connected to a cloud
platform 3 (host) under the controller 20 host machine issues
advertisement of a default route to the VPN-A connected to the
VNF-A and a default route to the VPN-B connected to the VNF-B in
FIG. 4. The conversion device 10 connected to a cloud platform 3
(slave) issues an advertisement of a default route to the VPN-A
connected to the VNF-A and a default route to the VPN-C connected
to the VNF-C.
[0056] Before communication with a user terminal is started, the
distribution unit 12b sets, for the routers 30, a BGP FlowSpec
route for redirecting to the VNF 4 at the head of the chain as a
redirect route when the VNF 4 is in the cloud platform 3 to which
the same conversion device 10 belongs.
[0057] FIG. 5 illustrates a setting example of a redirect route
corresponding to a chain with content that "packets coming from an
address A are caused to pass through a Web Application Firewall
(WAF) and mitigation" (Step S14).
[0058] For example, the conversion device 10 connected to the cloud
platform 3 (host) in which the WAF is present sets, for the routers
30, a BGP FlowSpec route for "redirecting the address A to the VPN
for the WAF (at the head of the chain)" (Step S16).
[0059] Note that as illustrated in FIG. 5, the chain 11a is set in
each controller 20 slave machine, each conversion device 10, and
the CL/SFF in each cloud platform 3 through an instruction from the
controller 20 host machine at the time of user setting before
communication with the user terminal is started (Step S15). In
other words, a chain with the same content as that of the chain 21a
set for the controller 20 host machine through an operator's input
operation (Step S14) is set in each device. In each device, a route
corresponding to the chain is set using the route distributed by
the conversion device 10.
[0060] Also, the router 30 that has received a packet corresponding
to a chain uses the set route to transfer the packet when
communication is started. Note that in a case in which a plurality
of conversion devices 10 distribute routes to a same type of VNFs
4, a router 30 that has received a packet selects an optimal route
in an Interior Gateway Protocol (IGP) among the distributed routes
and transfers the packet.
[0061] For example, a route with a small distance value of a
distance vector-type routing protocol or a route with a low cost
for Open Shortest Path First (OSPF) is selected as an optimal
route. In this manner, it is possible to draw packet traffic to
the closest cloud in terms of the IGP. As a result, it is possible
to implement wide-area chaining passing through the shortest
route.
[0062] Returning to the description of FIG. 3, the transfer unit
12c transfers a received packet to a recent VNF 4 in the processing
order of the chain when the VNF is in the cloud platform 3 to which
the conversion device 10 belongs. In addition, the transfer unit
12c transfers the received packet to the conversion device 10
connected to the recent VNF in the processing order of the chain
when the VNF 4 is in a cloud platform 3 that is different from the
cloud platform 3 to which the conversion device 10 belongs.
[0063] Here, processing after communication is started will be
described with reference to FIG. 6. FIG. 6 is an explanatory
diagram for explaining processing of the communication system 1.
FIG. 6 illustrates an exemplary case in which a route corresponding
to a chain with content that "packets from the user U to the server
S are processed in an order of
VNF-A → VNF-B → VNF-C".
[0064] A router (1) that has received a packet from the user U
transfers the packet to the conversion device (1) in accordance
with a FlowSpec table indicating a redirect route to the VNF-A and
a BGP table A indicating a default route to the VNF-A (Step
S21).
[0065] In the conversion device (1) that has received the packet,
the transfer unit 12c transfers the packet to the VNF-A using an
OpenFlow table indicating a VXLAN A as a destination (Step
S22).
[0066] In the cloud platform 3, the packet is transferred in an
order of VNF-A → VNF-B (Step S23). Next, the packet is
transferred to the conversion device (1) using the VNF-C in another
cloud platform 3 as a transfer destination (Step S24).
[0067] In the conversion device (1), the transfer unit 12c uses a
BGP table C indicating a default route to the VNF-C to transfer the
packet received from the cloud platform 3 to the conversion device
(2) connected to the VNF-C (Step S25).
[0068] In the conversion device (2), the transfer unit 12c
transfers the packet to the VNF-C using the OpenFlow table
indicating a VXLAN C as a destination (Step S26).
[0069] Note that transfer to the conversion device (2) connected to
the cloud platform 3 is made at the end of the chain (Step S27). In
that case, the conversion device (2) transfers the packet to the
router (2) connected to the destination server S using "BGP table
return" indicating a default route to a return VPN (Step S28).
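The FIG. 6 walk-through of paragraphs [0064] to [0069], combined with the IGP route selection of [0060] and [0061], modelled as an added Python sketch that is not part of the application text. The names cd-1/cd-2 and router-1/router-2, the IGP costs, and the fail-closed behaviour when no conversion device advertises a route to a VNF are assumptions made for the illustration.

```python
# Added illustration: constructed topology and hypothetical names, not code
# from the patent application.
from dataclasses import dataclass

CHAIN = ["VNF-A", "VNF-B", "VNF-C"]  # processing order from paragraph [0063]


@dataclass(frozen=True)
class ConversionDevice:
    name: str
    local_vnfs: frozenset  # VNFs in the cloud platform this device belongs to


# Placement follows paragraph [0055]: host platform has VNF-A and VNF-B,
# slave platform has VNF-A and VNF-C.
DEVICES = [
    ConversionDevice("cd-1", frozenset({"VNF-A", "VNF-B"})),
    ConversionDevice("cd-2", frozenset({"VNF-A", "VNF-C"})),
]

# Constructed IGP costs between WAN nodes (assumption, symmetric).
COSTS = {
    ("router-1", "cd-1"): 10, ("router-1", "cd-2"): 30,
    ("router-2", "cd-1"): 30, ("router-2", "cd-2"): 10,
    ("cd-1", "cd-2"): 20,
}


def igp_cost(costs, a, b):
    """Symmetric lookup; an unknown pair is treated as unreachable."""
    return costs.get((a, b), costs.get((b, a), float("inf")))


def advertised_routes(devices):
    """Default routes: each device advertises itself for its local VNFs."""
    table = {}
    for dev in devices:
        for vnf in dev.local_vnfs:
            table.setdefault(vnf, []).append(dev)
    return table


def select_device(routes, vnf, costs, src):
    """Pick the advertiser with the lowest IGP cost as seen from src."""
    candidates = routes.get(vnf)
    if not candidates:
        # Assumption of this sketch: never skip a VNF silently.
        raise LookupError(f"no conversion device advertises a route to {vnf}")
    return min(candidates, key=lambda d: (igp_cost(costs, src, d.name), d.name))


def walk_chain(chain, devices, costs, ingress):
    """Return the list of (from, to) hops a packet takes through the chain."""
    routes = advertised_routes(devices)
    # S21: redirect route to the head VNF, resolved via the default route.
    device = select_device(routes, chain[0], costs, ingress)
    hops = [(ingress, device.name)]
    at = device.name
    for vnf in chain:
        if vnf not in device.local_vnfs:
            if at != device.name:
                hops.append((at, device.name))       # S24: back to local device
            remote = select_device(routes, vnf, costs, device.name)
            hops.append((device.name, remote.name))  # S25: device to device
            device, at = remote, remote.name
        hops.append((at, vnf))  # S22/S26 from the device, S23 inside a platform
        at = vnf
    hops.append((at, device.name))         # S27: end of chain
    hops.append((device.name, "return-VPN"))  # S28: toward the destination
    return hops


def served_order(hops, chain):
    """VNFs actually visited, in order; should equal the configured chain."""
    return [dst for _, dst in hops if dst in chain]


if __name__ == "__main__":
    for src, dst in walk_chain(CHAIN, DEVICES, COSTS, "router-1"):
        print(f"{src} -> {dst}")
```

Comparing `served_order` with the configured chain is a quick way to confirm that no service function, such as the WAF in paragraph [0057], is bypassed for a given ingress router.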
[0070] Communication Processing
Next, communication processing of the communication system 1
according to the embodiment will be described with reference to
FIG. 7. FIG. 7 is a flowchart illustrating an exemplary procedure
for the communication processing. The flowchart in FIG. 7 is
started at a timing at which an operation for providing an
instruction for a start is input, for example.
[0071] In the conversion device 10, the construction unit 12a
constructs a VPN connected to the VNF 4 in the cloud platform 3, in
the WAN 2. The construction unit 12a constructs a VPN for
transmitting a packet to a destination user terminal at the end of
a chain (Step S1).
[0072] In the conversion device 10, the distribution unit 12b
distributes a route designating the conversion device 10 as a
transmission destination as a default route to the VNF 4 in the
cloud platform 3 to which the conversion device 10 belongs, to the
routers 30 and other conversion devices 10 in the WAN 2. The
distribution unit 12b distributes a redirect route to the VNF at
the head of the chain when the VNF is in the cloud platform 3 to
which the conversion device 10 belongs to the routers 30 in the WAN
2 (Step S2).
[0073] In the controller 20, the transfer instruction unit 22a
provides an instruction of a packet transfer destination to the
conversion device 10 connected to the same cloud platform 3, the
VNF 4, or other controllers 20 in the processing order of the chain
(Step S3). Each device that has received the instruction of the
transfer destination uses the route distributed by the conversion
device 10 to set the route corresponding to the chain.
[0074] In a case in which a packet corresponding to the chain has
been received, the communication system 1 transfers the packet in
the processing order of the chain (Step S4). In other words, in the
conversion device 10, the transfer unit 12c transfers the received
packet to the VNF 4 when the recent VNF in the processing order of
the chain is in the cloud platform 3 to which the conversion device
10 itself belongs. The transfer unit 12c transfers the received
packet to the conversion device 10 connected to the VNF 4 when the
recent VNF in the processing order in the chain 11a is in a cloud
platform 3 that is different from the cloud platform 3 to which the
conversion device 10 itself belongs. In this manner, the packet is
transferred in the processing order of the chain, and a series of
the communication processes are completed.
[0075] As described above, the communication system 1 according to
the embodiment has the conversion devices 10 configured to connect
the cloud platforms 3 and the WAN 2 and the controllers 20 disposed
for the respective cloud platforms 3. In the communication system
1, the storage unit 11 in each conversion device 10 stores the
chain 11a designating the VNF 4 that processes the packet received
from the user terminal in the processing order. Also, the
construction unit 12a constructs the VPN connected to the VNF 4 in
the cloud platform 3 in the WAN 2. In addition, the distribution
unit 12b distributes the default route designating the conversion
device 10 itself as a transmission destination as a route to the
VNF 4 in the cloud platform 3 to which the conversion device 10
itself belongs to the routers 30 and other conversion devices 10 in
the WAN 2. Also, the distribution unit 12b distributes the redirect
route to the VNF 4 to the routers 30 in the WAN 2 when the VNF at
the head of the chain 11a is in the cloud platform 3 to which the
conversion device 10 itself belongs.
[0076] In the controller 20, the storage unit 21 stores the chain
21a. Also, the transfer instruction unit 22a provides an
instruction of a packet transfer destination to the conversion
device 10 connected to the same cloud platform, the VNF 4, or other
controllers 20 in the processing order of the chain 21a.
[0077] In addition, the transfer unit 12c of the conversion device
10 transfers the received packet to the VNF 4 when the recent VNF
in the processing order of the chain is in the cloud platform 3 to
which the conversion device 10 itself belongs. The transfer unit
12c transfers the received packet to the conversion device 10
connected to the VNF 4 when the recent VNF in the processing order
of the chain 11a is in the cloud platform 3 that is different from
the cloud platform 3 to which the conversion device 10 itself
belongs.
[0078] In this manner, it is possible to easily implement service
chaining in a wide area across a plurality of clouds/DCs using
existing technologies between the WAN section and the cloud/DC
section. In addition, it is possible to achieve wide area chaining
that passes through a shortest route by drawing packet traffic to
the closest cloud in terms of the IGP.
[0079] Note that the transfer instruction unit 22a provides an
instruction of a VNF, which has been designated in an instruction
from another controller 20, as a packet transfer destination in a
case in which a VNF immediately before the VNF, which has been
designated as the packet transfer destination in the instruction
from another controller 20, in the processing order of the chain is
in the same cloud platform 3 as well.
[0080] In other words, the drawing of the packet traffic into the
VNF-B is allowed to be carried out both in the processing order
represented by the solid-line arrow and in the processing order
represented by the dashed-line arrow in the example illustrated in
FIG. 4. In other words, drawing of the packet traffic into the
VNF-B is allowed both in the case in which the packet traffic is
taken over from the VNF-A in the same cloud platform 3 and in the
case in which an instruction is provided from the conversion device
10 via the VPN-B.
[0081] FIGS. 8A and 8B are explanatory diagrams for explaining
advantages of the communication processing in the communication
system 1. As illustrated in FIG. 8A, a server is centralized at one
DC, and communication is terminated merely by accessing centralized
calculation resources in the related art.
[0082] On the other hand, in recent years, cloud/DC platforms are
distributed on the basis of concepts of edge computing and CORD as
illustrated in FIG. 8B, and communication makes a detour to clouds
in which necessary service functions are present and are thus not
terminated at one cloud platform. In such a situation, it is
possible to terminate communication by allowing the communication
to pass between the distributed clouds/DCs through a shortest route
according to the communication system 1 in the aforementioned
embodiment.
Example
[0083] FIG. 9 is an explanatory diagram for explaining an example
of the communication processing in the communication system 1. FIG.
9 illustrates exemplary processing in a case in which high-speed
WAN, WAF, and DDoS mitigation services are provided to a certain
user U. In this case, an operator sets utilization of a WAN high
speed device (WPA), WAF, and DDoS mitigation (MIT) as a service
setting for the user U in the controller 20 host machine.
[0084] The controller 20 host machine provides instructions for
setting chains to the respective devices in the communication
system 1 on the basis of the service setting. For example, chains
such as "a packet output by the user U is to be processed in an
order of WPA→WAF→MIT" and "a packet for which the
user U is designated as a destination is to be processed in an
order of MIT→WAF→WPA" are set.
[0085] In this manner, the service set for the user U can be
provided while allowing the packet traffic output by the user U to
pass through the shortest route in the order of WPA VPN→WPA→WAF
VPN→WAF→MIT VPN→MIT→return VPN, as illustrated as an example in
FIG. 9.
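The transfer decision of paragraph [0074] applied to the chains of paragraph [0084], as an added example that is not part of the application: it reproduces the hop order of paragraph [0085] and checks that no service function (WPA, WAF, MIT) is skipped or reordered. The cloud names, the placement of VNFs on clouds, the function names, and the modelling of a WAN router as a device with no local cloud are assumptions made for illustration.

```python
# Chains from paragraph [0084]; the placement of VNFs on clouds is constructed.
CHAINS = {"from_user": ["WPA", "WAF", "MIT"], "to_user": ["MIT", "WAF", "WPA"]}
SPREAD = {"WPA": "cloud-1", "WAF": "cloud-2", "MIT": "cloud-3"}
SHARED = {"WPA": "cloud-1", "WAF": "cloud-1", "MIT": "cloud-3"}

def transfer(local_cloud, chain, done, placement):
    """Transfer decision of paragraph [0074] for a device in local_cloud.

    done is how many VNFs of the chain have already processed the packet.
    """
    if done == len(chain):
        return ("return_vpn", None)               # chain finished, send to user
    vnf = chain[done]
    if placement[vnf] == local_cloud:
        return ("vnf", vnf)                       # next VNF is in this cloud
    return ("conversion_device", placement[vnf])  # hand over via that VNF's VPN

def trace(chain, placement, ingress=None):
    """List the hops of one packet; ingress=None models a WAN router."""
    hops, cloud, done = [], ingress, 0
    while True:
        kind, target = transfer(cloud, chain, done, placement)
        if kind == "return_vpn":
            return hops + ["return VPN"]
        if kind == "conversion_device":
            hops.append(chain[done] + " VPN")     # cross the WAN to the other cloud
            cloud = target
        else:
            hops.append(target)                   # VNF processes the packet
            done += 1

def visits_chain_in_order(hops, chain):
    """True when the hops pass every VNF of the chain, in chain order."""
    return [h for h in hops if h in chain] == list(chain)

if __name__ == "__main__":
    for name, chain in CHAINS.items():
        print(name, " -> ".join(trace(chain, SPREAD)))
```

With the SHARED placement, WPA hands the packet to WAF inside the same cloud without a VPN hop, which corresponds to the takeover case of paragraph [0080].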
Program
[0086] It is also possible to create a program describing the processing
executed by the communication system 1 according to the
aforementioned embodiment in a computer-executable language. In one
embodiment, the conversion devices 10 and the controllers 20 that
configure the communication system 1 can be implemented by causing
a desired computer to install a communication program executing the
aforementioned communication processing as packaged software or
on-line software. For example, information processing devices can
be caused to function as the conversion devices 10 and the
controller 20 in the communication system 1 by causing the
information processing devices to execute the aforementioned
communication program. An example of computers that execute the
communication program for implementing functions that are similar
to those of the conversion devices 10 and the controllers 20 in the
communication system 1 will be described below.
[0087] FIG. 10 is a diagram illustrating an example of the
computers that execute the communication program. A computer 1000
includes, for example, a memory 1010, a CPU 1020, a hard disk drive
interface 1030, a disk drive interface 1040, a serial port
interface 1050, a video adapter 1060, and a network interface 1070.
These components are connected to each other via a bus 1080.
[0088] The memory 1010 includes a Read Only Memory (ROM) 1011 and a
RAM 1012. The ROM 1011 stores a boot program such as a Basic Input
Output System (BIOS), for example. The hard disk drive interface
1030 is connected to a hard disk drive 1031. The disk drive
interface 1040 is connected to a disk drive 1041. A removable
storage medium such as a magnetic disk or an optical disc, for
example, is inserted into the disk drive 1041. A mouse 1051 and a
keyboard 1052, for example, are connected to the serial port
interface 1050. A display 1061, for example, is connected to the
video adapter 1060.
[0089] Here, the hard disk drive 1031 stores, for example, an OS
1091, an application program 1092, a program module 1093, and
program data 1094. Each table used in the processing is stored in,
for example, the hard disk drive 1031 and the memory 1010.
[0090] Also, the communication program is stored as a program
module 1093, in which commands executed by the computer 1000 are
described, in the hard disk drive 1031, for example. Specifically,
the program module 1093 in which the processing executed by the
communication system 1 as described in the aforementioned
embodiment is described is stored in the hard disk drive 1031.
[0091] Also, the data used in information processing performed by
the communication program is stored as the program data 1094 in the
hard disk drive 1031, for example. The CPU 1020 then reads, in the
RAM 1012, the program module 1093 and the program data 1094 stored
in the hard disk drive 1031 as needed and executes each of the
aforementioned procedures.
[0092] Note that the program module 1093 and the program data 1094
related to the communication program are not limited to the case in
which the program module 1093 and the program data 1094 are stored
in the hard disk drive 1031, and the program module 1093 and the
program data 1094 may be stored in a removable storage medium, for
example, and may be read by the CPU 1020 via the disk drive 1041 or
the like. Alternatively, the program module 1093 and the program
data 1094 related to the communication program may be stored in
another computer connected via a network such as a Local Area
Network (LAN) or a WAN and may be read by the CPU 1020 via the
network interface 1070.
[0093] Although the embodiments to which the present invention made
by the present inventor is applied have been described above, the
present invention is not limited by any description or drawings as
a part of the disclosure of the present invention based on the
embodiments. In other words, all other embodiments, examples,
running technologies, and the like achieved by those skilled in the
art on the basis of the embodiments are included in the scope of
the present invention.
REFERENCE SIGNS LIST
[0094] 1 Communication system
[0095] 2 WAN
[0096] 3 Cloud platform
[0097] 4 VNF
[0098] 10 Conversion device
[0099] 11 Storage unit
[0100] 11a Chain
[0101] 12 Control unit
[0102] 12a Construction unit
[0103] 12b Distribution unit
[0104] 12c Transfer unit
[0105] 20 Controller
[0106] 21 Storage unit
[0107] 21a Chain
[0108] 22 Control unit
[0109] 22a Transfer instruction unit
[0110] 30 Router